
United States Patent and Trademark Office 



uNi>*n>jiwrV:s department of commerce 

Un/fed States ttitent and JlYaduniark Office 
AdSfesr^^MKVlONnij/OR PATH NTS 

A'lexandrV vTrpiii;i 223 ! 3 - 1 -i5i ) 
«^*'w. uspll.gov 



APPLICATION NO. 


PILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


09/920.919 


08/02/2001 


Kaijun Tan 


230074-0238 


7139 



2669* 7590 03/07/2007 

VENABLE LLP 
P.O. BOX 34385 
WASHINGTON, DC 20043-9998 



EXAMINER 



HOSSA1N. TANIM M 



ART UNIT 



PAPER NUMBER 



2145 



SHOR TENED STATUTORY PERIOD OF RESPONSE 



MAIL DATE 



DELIVERY MODE 



3 MONTHS 



03/07/2007 



PAPER 



Please find below and/or attached an Office communication concerning this application or proceeding. 



If NO period for reply is specified above, the maximum statutory period will apply and will expire 6 MONTHS 
from the mailing date of this communication. 



PTOL-90A (Rev. 10/06) 



Office Action Summary 


Application No. 

09/920,919 


Applicant(s) 

TAN ET AL 


C v omi nor 

Tanim Hossain 


Art Unit 

2145 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH (S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)S Responsive to communication(s) filed on 29 December 2006 . 
2a)D This action is FINAL. 2b)|^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E] Claim(s) 1-20,22-27 and 33-40 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-20. 22-27. 33-40 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 ,□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment! s) 

1) O Notice of References Cited (PTO-892) 4) d Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. , 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 02272007 



Application/Control Number: 09/920,919 
Art Unit: 2145 



Page 2 



DETAILED ACTION 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-20, 22-27, and 33-40 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

Vishwanath (U.S. 2005/0149759) in view of Nairn (U.S. 6,779,1 15). 

As per claim 1, Vishwanath teaches a method for distributing data over a network 
comprising: issuing a certificate and a private key to a client for identifying the client in a 
transaction (paragraph 0702); storing the certificate and the private key in a portable token of the 
client and used by the client during a transaction, the portable token being a physical device 
removeably coupleable to a client computer (0702, figure 13; where the card is removeably 
coupleable); verifying a digital signature using the certificate stored in the token before 
distributing data to the client (0702, 0515); and distributing the data to the client (Abstract). 
Vishwanath does not specifically teach the generation of a message associated with the data 
being downloaded. Nairn teaches the generation and sending of a message associated with the 
data being downloaded to the client (column 10, lines 44-49; where the key to be decrypted is 
associated with the file). It would have been obvious to one of ordinary skill in the art at the 
time of the invention to include the generation of a message with distribution data into the 
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distribution of content, as taught by Nairn in the system of Vishwanath. The motivation for 
doing so lies in the fact that having a message with the distribution data would allow for better 
identification of the content, to judge whether the correct content is being transmitted, or provide 
a receipt for the downloaded information, for example. Both inventions are also from the same 
field of endeavor, namely the safe and secure transmission of media content through a network. 
Vishwanath-Naim does not specifically teach the generation of a message with at least part of a 
distinguishing number for the token used by the client. It would have been obvious to one of 
ordinary skill in the art at the time of the invention to include the ability to transmit a message 
having a token distinguishing number associated with it, as this concept is well known to one of 
ordinary skill in the art. An example of this embodiment is the sending of a purchase receipt 
associated with a certain credit card. A part of the credit card number is displayed for record- 
keeping and verification purposes. Given that the token may be embodied in a card, this 
teaching would have been contemplated by one of ordinary skill in the art, for the purposes of 
verification, and keeping track of tokens/cards associated with certain downloads for the 
purposes of organization. 

As per claim 2, Vishwanath-Naim teaches the method of claim 1, further comprising 
providing the client with information necessary for establishing an account (Nairn: column 8, 
lines 33-56). 

As per claim 3, Vishwanath-Naim teaches the method of claim 2, further comprising 
providing the client with the token (Vishwanath: 0702). 

As per claim 4, Vishwanath-Naim teaches a method for distributing data over a network 
comprising: establishing a secure connection between a client and a server (Vishwanath: 0702); 
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issuing a certificate and a private key to the client for identifying the client in a transaction 
(Vishwanath: 0702); storing the certificate and the private key in a portable token of the client 
and used by the client during a transaction, the portable token including a unique distinguishing 
number and being in a physical device removeably coupleable to a client computer (Nairn: 
abstract, column 10, lines 44-49); and generating a message associated with the data being 
distributed to the client and associated with at least in part with the distinguishing number for the 
token used by the client during a transaction (Nairn: column 10, lines 44-49). 

As per claim 5, Vishwanath-Naim teaches the method of claim 4, further comprising 
distributing data to the client (Nairn: column 10, lines 44-49). 

As per claim 6, Vishwanath-Naim teaches the method of claim 5, further comprising 
requesting information from the client for establishing an account (Nairn: column 8, lines 33- 
56). 

As per claim 7, Vishwanath-Naim teaches the method of claim 4, wherein establishing a 
secure connection comprises establishing a secure connection using a security protocol (Nairn: 
column 8, lines 33-56). 

As per claim 8, Vishwanath-Naim teaches the method of claim 7, wherein the security 
protocol is the secure socket layer protocol (Nairn: column 8, lines 33-56). 

As per claim 9, Vishwanath-Naim teaches the method of claim 6, wherein the requesting 
information comprises requesting a credit card number (Nairn: column 8, lines 33-56). 

As per claim 10, Vishwanath-Naim teaches the method of claim 6, wherein requesting 
information comprises requesting a password (Nairn: column 8, lines 33-56). 
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As per claim 11, Vishwanath-Naim teaches the method of claim 4, wherein storing the 
certificate comprises: interfacing the token to a client computer (Nairn: column 8, lines 33-56); 
and writing the certificate and the private key to the token across the network (Nairn: page 2, 
paragraph 0043). 

As per claim 12, Vishwanath-Naim teaches the method of claim 4, wherein storing the 
certificate comprises: interfacing the token to a server computer; and writing the certificate to 
the token at the server computer (Nairn: column 8, lines 33-56; column 10, lines 44-49). 

As per claim 13, Vishwanath-Naim teaches the method of claim 5, wherein distributing 
data to the client comprises distributing a media player (Nairn: column 8, lines 33-56). 

As per claim 14, Vishwanath-Naim teaches a method for distributing data over a network 
comprising: establishing a secure connection between a client and a server (Vishwanath: 0702; 
Nairn: column 8, lines 33-56; column 10, lines 44-49); receiving a request from the client for 
data to be downloaded (Vishwanath: 0702; Nairn: column 8, lines 33-56; column 10, lines 44- 
49); generating a message associated with the data being downloaded to the client and associated 
with a portable token of the client and used by the client, the portable token being a physical 
device removeably coupleable to a client computer, the step of message generating comprising: 
including in the message a period of time for which the data may be used by the client 
(Vishwanath: 0105); and including in the message a symmetrical key used to encrypt the data 
from the server to the client over the network (Nairn: column 8, lines 33-56; column 10, lines 
44-49); and distributing the data and the associated message to the client (Nairn: column 8, lines 
33-56; column 10, lines 44-49). Vishwanath-Naim does not specifically teach the including in 
the message of a data identification number. It would have been obvious to one of ordinary skill 
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in the art at the time of the invention to include the data identification number in the message, as 
this concept is well known in the art. For example, in a summary of online purchases, the 
identification of the purchased data is included for bookkeeping purposes, which may also be 
presented as a serial number. As such, the inclusion of a data identification number would have 
been obvious to one of ordinary skill in the art, for the purposes of keeping track of purchases for 
example, leading to further efficiency of the invention. 

As per claim 15, Vishwanath-Naim teaches the method of claim 14, wherein establishing 
a secure connection comprises establishing a secure connection using a security protocol (Nairn: 
column 8, lines 33-56; column 10, lines 44-49). 

As per claim 16, Vishwanath-Naim teaches the method of claim 15, wherein the security 
protocol is the secure socket layer protocol (Nairn: column 8, lines 33-56; column 10, lines 44- 
49). 

As per claim 17, Vishwanath-Naim teaches the method of claim 14, wherein establishing 
a secure connection comprises requesting authentication information from the client; and sending 
authentication information from the server (Nairn: column 8, lines 33-56; column 10, lines 44- 
49). 

As per claim 18, Vishwanath-Naim teaches the method of claim 17, wherein requesting 
authentication information from the client comprises requesting a certificate from the client; and 
requesting a digital signature from the client (Nairn: column 8, lines 33-56; column 10, lines 44- 
49). 

As per claim 19, Vishwanath-Naim teaches the method of claim 17, wherein sending 
authentication information from the server comprises sending a certificate from the server; and 
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sending a digital signature from the server (Nairn: column 8, lines 33-56; column 10, lines 44- 
49). 

As per claim 20, Vishwanath-Naim teaches the method of claim 18, wherein requesting a 
certificate comprises reading the certificate from the token used by the client (Nairn: column 8, 
lines 33-56; column 10, lines 44-49). 

As per claim 22, Vishwanath-Naim teaches the method of claim 14, wherein generating a 
message further comprises generating a message using a public key (asymmetric) cryptographic 
algorithm (Nairn: column 8, lines 33-56; column 10, lines 44-49). 

As per claim 23, Vishwanath-Naim teaches a method of securely utilizing downloaded 
data comprising: opening a media player (Nairn: abstract); opening a data file (Nairn: column 
8, lines 33-56; column 10, lines 44-49); requesting a portable token from and used by a client, 
the portable token being a physical device removeably coupleable to a client computer (Nairn: 
column 8, lines 1-30; Vishwanath: 0702); reading a distinguishing number from the token 
(Nairn: column 8, lines 33-56; column 10, lines 44-49; where the reading and correspondence of 
a distinguishing number is obvious, as discussed in the treatment of claim 1); verifying a digital 
message associated with the data file and the token using the media player, the distinguishing 
number, and a private key in the token (Nairn: column 8, lines 33-56; column 10, lines 44-49). 

As per claim 24, Vishwanath-Naim teaches the method of claim 23, wherein in verifying 
a digital message, the media player reads the private key from the token to decrypt the digital 
message Nairn: column 8, lines 33-56; column 10, lines 44-49). 
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As per claim 25, Vishwanath-Naim teaches the method of claim 23, wherein in verifying 
a digital message, the media player sends the digital message to the token (Nairn: column 8, 
lines 33-56; column 10, lines 44-49). 

As per claim 26, Vishwanath-Naim teaches the method of claim 25 and the use of a 
public key to decrypt an encrypted symmetric key, but does not specifically teach the token's 
decryption of an encrypted symmetric key using the private key. It would have been obvious to 
one of ordinary skill in the art at the time of the invention to include the functionality of the use 
of a private key to decrypt an encrypted symmetric key, as it is well known in the art. (See: 
Fischer, U.S. 5,436,972; column 12, lines 36-45, for example). Also, the use of a private key to 
decrypt, over the use of a public key is a design choice, and is thus not patentably distinct. 

As per claim 27, Vishwanath-Naim teaches the method of claim 23, wherein verifying a 
digital message comprises verifying the distinguishing number read from the token (Nairn: 
column 8, lines 33-56; column 10, lines 44-49); verifying a time period associated with the data 
file (Vishwanath: 0105); decrypting an encrypted symmetrical key using the private key from 
the token; and decrypting the data file using the symmetrical key (see discussion of claim 26). 

As per claims 33-40, Vishwanath-Naim teaches the methods of claims 1,4, 14, and 23, 
but does not specifically teach that the distinguishing number for the token is assigned to the 
token by a manufacturer and that the number is permanently assigned to the token. It would 
have been obvious to one of ordinary skill in the art at the time of the invention to include that 
the distinguishing number is permanently assigned by a manufacturer, as this concept is well 
known to one of ordinary skill in the art. As an example, in the issuance of ID cards, RSA 
devices, and keycards, a distinguishing number is permanently assigned by a manufacturer to the 
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device. The purpose of this is to keep track of the particular token, and to be able to easily sort 
transactions associated with a particular number, for example. This increased organization 
would allow for further efficiency of the invention, and would have been obvious to one of 
ordinary skill in the art at the time of the invention. 

Response to Arguments 

Applicant's arguments filed on December 29, 2006 have fully been considered, and are 
respectfully traversed by the new grounds of rejection set forth above. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tanim Hossain whose telephone number is 571/272-3881 . The 
examiner can normally be reached on 8:30 am - 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jason Cardone can be reached on 571/272-3933. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Tanim Hossain 
Patent Examiner 
Art Unit 2145 
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